Tuesday, March 24, 2009

Hiding the "View All Site Content" and "Recycle Bin" links in SharePoint

In my experience, there has been more than one client requesting/requiring I hide the "View All Site Content" and "Recycle Bin" links on the out-of-the-box (OOTB) SharePoint Quick Launch navigation normally located on the left hand side of the rendered page. Why? Evidentially, giving users with low-level privileges to edit pages and lists items should not always dictate they have the same access rights to view all site content. Okay, so be it. So what are our options?

Well, there is more than one way to skin a cat — er, SharePoint.

As with a lot of different solutions for SharePoint, there are several approaches one could take to successfully accomplish this — some cleaner than others — and it is also dependent upon whether or not you are working with WSS 3.0 or MOSS 2007.

To get a better understanding, lets look at the code pertaining to the VASC and RB links on the default master page:

This CSS code can be added to one of two places. If you're not dealing with MOSS, or you have not enabled the Publishing feature in MOSS then the down and dirty way would be to modify the core.css file in the 12 Hive. It is found here:12\TEMPLATE\LAYOUTS\1033\STYLES\CORE.CSS

While this is a fast and simple way to hide the link it isn't best practices to modify core.css and isn't supported by Microsoft. Also, if you ever install any future updates/releases/hotfixes from Microsoft you are risking having your work overwritten by the Microsoft installation.

I personally like to follow best practices supported by Microsoft, have ways to back out of my customizations, and never risk my stuff gets overwritten by any future updates or installations to SharePoint. Having said all of this, I am left with a few more options.

If you are working with MOSS 2007 and you have the Publishing feature enabled you can set an alternate CSS file and add your custom CSS there. This file can be created in SharePoint Designer and saved to the Styles Library (more on that topic another day), or the file can be added to the 12 hive via xcopy or through a feature. In either case, once the CSS was written it would be applied through the SharePoint UI by browsing to Site Actions > Site Settings > Modify All Site Settings, and under the Look and Feel heading click on Master Page Settings. All the way at the bottom of the page is a section to select an alternate CSS file. Click apply and you're done.

His article covers and provides a solution (WSP) with more information on how to hide (remove) the View All Site Content link and/or the Recycle Bin link from the quick launch navigation without having to customize the master page. Instead, an additional "View all site content" menu item is added to the Site Action menu and is accessible only to users having the AddAndCustomizePages access rights.

This is a nice feature when dealing with WSS 3.0 or collaboration sites which don't have the publishing feature enabled, because by that link is already there on Publishing enabled sites. Because it is a feature, you can activate or deactivate it for each site as needed. Here is the new feature that will appear in the list of Site Features for a web site.

Even though this may fulfill technical and business requirements for hiding the link I don't like the fact that you are left with an empty row at the top of Quick Launch.

Here is a picture of the typical View All Site Content link as it appears on a SharePoint web site and how it looks after it is hidden.

Before

After

Now you are left with having to do some custom work to your master page to remove the table row, and that was probably not what you were looking to do when you signed up for a packaged solution. If you cannot change your master page then try my suggested CSS above. If you are looking for a packaged fix the I guess Mark's solution is the right one for you and you're done. BUT, if editing the master page is an option, read on.

One of the best additions to WSS 3.0 and MOSS is something called security trimming. This new enhancement is leveraged all over the place in SharePoint. What's more, you can leverage it to solve the issues around the "View all site content" and Recycle Bin" links. By changing the PermissionsString property value in the SharePoint:SPSecurityTrimmedControl tag, you can control the level of visiblility for the VASC and RB links to users with different permissions. Here are some of the different values that can be set:

ViewFormPages: View forms, views, and application pages, and enumerate lists. This is the default value used in SharePoint.

BrowseDirectories: Enumerate files and folders in a Web site using Microsoft Office SharePoint Designer 2007 and WebDAV interfaces.

ManageWeb: Grant the ability to perform all administration tasks for the Web site as well as manage content. Activate, deactivate, or edit properties of Web site scoped Features through the object model or through the user interface (UI). When granted on the root Web site of a site collection, activate, deactivate, or edit properties of site collection scoped Features through the object model. To browse to the Site Collection Features page and activate or deactivate site collection scoped Features through the UI, you must be a site collection administrator.

AddAndCustomizePages: Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services–compatible editor.DeleteListItems: Delete items from a list, documents from a document library, and Web discussion comments in documents.

11 comments:

Nice Article but there could be a simpler way for this just take backup of master page from library and then modfiy default.master from _catalogs/master Page/default.master and in that click "View all site content" in sharepoint designer and there is visible attribute make it false...simple solution time effective...

By the way I am looking for solution in which I want to hide particular link from quick launch for readers.. Lets take one simple scenario. I have Finance Team site and I have one document library named My Finance Documents.. on which acess is only given to Finance Contributors group... but on another hand there is Finance readers group and they had read access on whole site... so they can see that link of Document library on Quick Launch but when they click on it they got Access Error denied" which is completely normal...I wanted to hide the document library for readers...but on another hand when Contributor logs in they should be able to see link for that library... based on my little work out I figure out that I need to write javascript and put it in via designer as its something called role based navigation....but I don't know java script so I am looking for any solution.. Any help would be highly appreciated...my email is preet.patel11@gmail.com

Hi Preet. I appreciate your feedback, thanks. I agree, your way works, but because the VASC and RB links are not required master page elements you could simply remove them entirely without any issues. I like leveraging security trimming so you can retain the links and control who sees them, but if removing the links for all users is required then either method (removal or applying a false attribute) works. In cases where editing the master page is not an option then the CSS approach I provide is the cleanest.

I should also mention that your method ends up customizing the master page, which has positives and negatives. I was going to blog on this subject but Andrew Connell covered this topic quite extensively here and here. There are ways to make your changes and remove the "customizations" which I recommend doing. I will be covering that in another blog soon so stay tuned.

As far as your navigation issue goes, it sounds like you don't have your security set up correctly (or it isn't functioning correctly). Both WSS 3.x and MOSS 2007 have a feature called security trimming, and the rules of security trimming state that "you cannot see what you do not have access to." I have tested this on my dev server to follow your exact scenario and had it working. Here is what I did...

When I created my Finance Team site I broke permissions from the parent, I created a new Finance Owners Group that had owner permissions on the site, I created a new Finance Contributors Group that had limited contributor permissions, and added Viewers which had view-only rights. The Viewer's group contain only NT AUTHORITY\authenticated users. I then created a new Financial Documents doc library and checked that I wanted it visible in the Quick Launch. I browsed to Settings > Document Library Settings, click on "Permissions for this Document Library." I went to Actions > Edit Permission. When I was got the warning about breaking permissions I clicked OK. I removed the Viewers group. To test this I wen to the home page as myself where I am in the Finance Owners Group and confirmed the link to the Financial Documents library was visible. I then signed in as a test account that was in the Viewers group and confirmed that the link to the Financial Documents was gone.

One other explanation for your visitors seeing that link in the Quick Launch is that your navigation was manually configured and someone added the link to the library. If that is the case you can either remove the link, use audience targeting on the link, or go back to using the default navigation.

Hi Chris, Nice article. Its really clear my lots of doubt. I am new to sharepoint. I am stuck with some scenario. I need to hide the VASC and RB links for some user group. This article can remove the these links from master page. Is there any way to remove these links for some users only?

Sounds simple enough. What you need to do is add the users to a group and edit the group permission to only have "reader" permissions on all sites. Or, in a more typical scenario you would have all authorized domain uses having read-only access. You then would create groups and add users to new groups to elevate privledge from there for other permissions sets like Site Owners. In escense everyone starts with only read rights and then you are managing group permisions beyond that. You can even use AD (security) groups to keep things simple and more globally manageable. Make sense?

Thanks Chris!!I had tried assigning the reader permission to user group. But this doesn't hide the VASC link. I need to hide this link for some users. Moreover the user group has view, add, delete items from lists which enables RB links. Is this is possible to hide RB and VASC links with having contribute permission?

If this group has add and delete permissions then their privledges have essentially been elevated and are no longer just readers. Having said that, you can still modify the master page and change the PermissionsString property value in the SharePoint:SPSecurityTrimmedControl to "ManageWeb". This essentially makes it so that only site owners can see both of those links. Users with add/delete privileges should not see the VASC and RB links under these conditions unless their permissions on the site have been elevated to be able to manage that site.

This looked like a great approach , but when i do this, the title of the web parts on my pages get hidden also. Any idea why this would happen? or what i can do differently so that it does not happen?ThanksDean

Hi Dean. I'm assuming you are taking the CSS approach and you have a little conflict with the Web Part titles. They happen to use this same h3.ms-standardheader as well. Try changing your CSS as follows.